Enterprise Mobile Device Security: Spam Overview

The threat of spam is as prevalent for mobile devices as it is for fixed devices such as laptops and desktops. This age-old form of malware continues to plague consumers and enterprises alike. There are three primary places spam can come from when its target is a mobile device.

Here is a description of each of the vectors of mobile spam:

E-mail: The most common way to launch spam is via e-mail. Although this kind of attack is not limited to mobile devices by any stretch, the increased adoption of devices — and the gradual shift toward using mobile devices for primary e-mail connectivity — makes spam-clogged Inboxes a real (and likelier) concern.

Instant Messaging: Attacks that use Instant Messaging — already a threat to traditional computer networks — are now more common on mobile devices. Large communication providers and OS vendors offer not only the familiar form of Instant Messaging but also access to Twitter, Facebook, and other social media, which are also instant communication channels.

Social media spamming is one of the most dangerous threats to your users because social media resonate with them more closely than do other forms of communication, and their defenses against this type of spam are practically nonexistent.

The most important way to counter social media spam is the same way you counter other threats — with a three-pronged defense:

Be vigilant

Adopt a security-oriented posture

Relentlessly educate your users

SMS and MMS: The mobile environment has its own unique form of spam based on mobile messaging, in particular SMS and MMS. As any employee who’s used a mobile phone abroad can attest, hordes of spam SMS messages can hound the user to a disturbing degree.

What’s even more jarring is that in quite a few places, incoming SMSs are charged to the receiving party, so now the user not only gets an Inbox full of uninvited mobile spam but also has to pay for it.

While the threat vectors (ways to get spam to your device) can vary widely, the intent of the perpetrator(s) remains the same:

Entice users to part with their money by making grandiose marketing claims.

Phish for users’ data (or simply trash their devices) by getting them to open the message and click following links that load malware.